Agents = Resistance. Admins don't want agents on their systems. Agents use resources. Agents have to be monitored and cared for. Agents have to be updated.

Windows Event Collection to the rescue

WEC provides the power of an agent with a zero footprint and completely hands-off control. Leveraging Active Directory, we can cause any number of endpoints to forward their most important security events to the Windows event collector of our choice – or, in very large organizations, we can distribute that load across multiple collectors as necessary.

At that point, whether you use agents to push events or WMI/RPC to pull events, the burden of getting these events into your SIEM or log management solution now drops from thousands of systems down to a handful.

WEC also gives you options to deal with the size issue of event logs. Even with WEC's ability to bring event logs to your SIEM's doorstep, maybe you can't afford to upgrade the hardware and licenses necessary to handle that kind of influx of log data. Or maybe your SIEM's scalability tops out at a certain point. One of these is the situation for most enterprises.

Then it's time to acknowledge that the majority of security log data is noise and leave that noise behind. With the power of advanced XPath queries you can filter out the noise and get the much smaller number of important events. That requires specialized knowledge of XPath and the Windows security log, but read on.

In this deeply technical, real training for free™ webinar I will implement Windows Event Collection live and demonstrate how to:

Target endpoints at your Windows Event Collectors

Set up a Windows Event collector

Create a subscription on the collector

Scoped to a certain group of computers as forwarders

Includes advanced filtering of noise events

Monitor the subscription as source computers begin to forward events

Troubleshoot problem forwarders

After this detailed tour of Windows Event Collection, it will be time for the most exciting announcement I've made since starting UltimateWindowsSecurity.com and LOGbinder. It will be the official release of a new and unique solution for managing Windows Event Collection. There's nothing like it in the world and I can't wait to show it to you. This solution automates every aspect of Windows Event Collection from:

configuring collectors

the creation of subscriptions

advanced filtering that safely ignores the noise without also suppressing important events

to advanced enterprise features like:

load balancing large environments across multiple forwarders

24/7 health analysis and monitoring of every forwarder

performance monitoring and capacity planning – all from one pane of glass

Please join me for this technical, real training for free™ event and the exciting announcement and demonstration that follows.